Citrix Gateway plugin session disconnects with an error "2001: Your NetScaler Gateway session timed-out and you are not connected."

Article ID: CTX270814

Description

A user may encounter a random disconnect issue after logging into Citrix Gateway SSL VPN when GSLB is used.

Errors found in the VPN log associated with the issue:
14:37:03.925 | EVENT | The NetScaler Gateway (X.X.X.X:443) is not accessible. Trying to reconnect ...
14:37:03.930 | DEBUG | RedrawActiveXWnd: 2001:0
14:37:03.933 | DEBUG | Calling Shell_NotifyIcon
14:37:03.939 | DEBUG | Shell_NotifyIcon succeeded
14:37:03.939 | EVENT | 2001: Your NetScaler Gateway session timed-out and you are not connected.

An nstrace captured on the Citrix ADC to analyze the traffic flows showed that the client was getting a different IP address across its multiple DNS requests.

Resolution

The issue was narrowed down to an LDNS problem related to multiple DNS requests. The GSLB persistence configuration was changed to use a mask of 255.255.255.0 for source IP persistence, which resolved the issue.

Problem Cause

Clients send multiple DNS requests while connecting to the SSL VPN vServer. In the customer's lab, the LDNS uses multiple IP addresses as the source IP when sending these DNS requests to the Citrix ADC, which broke source IP persistence in GSLB.

Clients received a different VIP for the SSL VPN FQDN because the connection was switched to another SSL VPN vServer at another GSLB site, so the VPN disconnected after the client sent new requests to the different IP address.
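
The following is an added example, not Citrix code or part of the original article: a simplified Python model of source IP persistence keyed on (source IP AND mask), showing why an LDNS that queries from several addresses gets different VIPs under a host mask and a single VIP under 255.255.255.0. The addresses, the round-robin choice for unpersisted queries, and the 255.255.255.255 "before" mask are assumptions; the article does not state the previous mask or the load-balancing method.

```python
import ipaddress
from itertools import cycle

# Constructed sample data (documentation address ranges), not from the article.
SITE_VIPS = ["192.0.2.10", "198.51.100.10"]  # one SSL VPN vServer VIP per GSLB site
LDNS_SOURCES = ["203.0.113.11", "203.0.113.12", "203.0.113.13", "203.0.113.11"]


def persistence_key(src_ip: str, mask: str) -> str:
    """Network address the source IP maps to under the persistence mask."""
    net = ipaddress.ip_network(f"{src_ip}/{mask}", strict=False)
    return str(net.network_address)


def resolve_all(sources, mask, vips=SITE_VIPS):
    """Return the VIP answered for each DNS query, in order.

    Model: a persistence entry keyed by (source IP AND mask) pins the answer;
    a query with no matching entry is load balanced (round robin assumed).
    """
    table = {}
    next_vip = cycle(vips)
    answers = []
    for src in sources:
        key = persistence_key(src, mask)
        if key not in table:
            table[key] = next(next_vip)
        answers.append(table[key])
    return answers


def flaps(answers) -> bool:
    """True if the client sees more than one VIP for the same FQDN."""
    return len(set(answers)) > 1


if __name__ == "__main__":
    for mask in ("255.255.255.255", "255.255.255.0"):
        answers = resolve_all(LDNS_SOURCES, mask)
        print(f"mask {mask}: {answers} flaps={flaps(answers)}")
```

The same model shows the limit of the change: LDNS source addresses that fall outside a single /24 still create separate persistence entries and can receive different VIPs.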